From 5e6645d1373554cbda985e6f0845445b2cf25f19 Mon Sep 17 00:00:00 2001 From: Romain Date: Mon, 1 Jun 2020 06:23:44 +0200 Subject: [PATCH] Ignore DL3006 and DL3008 by default --- .hadolint.yaml | 3 +++ all-spark-notebook/Dockerfile | 2 -- base-notebook/Dockerfile | 2 -- datascience-notebook/Dockerfile | 2 -- docs/contributing/lint.md | 22 ++++++++++++++++------ minimal-notebook/Dockerfile | 2 -- pyspark-notebook/Dockerfile | 3 +-- r-notebook/Dockerfile | 2 -- scipy-notebook/Dockerfile | 2 -- tensorflow-notebook/Dockerfile | 1 - 10 files changed, 20 insertions(+), 21 deletions(-) create mode 100644 .hadolint.yaml diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 00000000..6f37c3a7 --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,3 @@ +ignored: + - DL3006 + - DL3008 \ No newline at end of file diff --git a/all-spark-notebook/Dockerfile b/all-spark-notebook/Dockerfile index d01a0d4e..401a2d0a 100644 --- a/all-spark-notebook/Dockerfile +++ b/all-spark-notebook/Dockerfile @@ -1,7 +1,6 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. ARG BASE_CONTAINER=jupyter/pyspark-notebook -# hadolint ignore=DL3006 FROM $BASE_CONTAINER LABEL maintainer="Jupyter Project " @@ -13,7 +12,6 @@ ENV R_LIBS_USER $SPARK_HOME/R/lib RUN fix-permissions $R_LIBS_USER # R pre-requisites -# hadolint ignore=DL3008 RUN apt-get update && \ apt-get install -y --no-install-recommends \ fonts-dejavu \ diff --git a/base-notebook/Dockerfile b/base-notebook/Dockerfile index 5836c649..354b36c6 100644 --- a/base-notebook/Dockerfile +++ b/base-notebook/Dockerfile @@ -6,7 +6,6 @@ # OS/ARCH: linux/amd64 ARG ROOT_CONTAINER=ubuntu:bionic-20200403@sha256:b58746c8a89938b8c9f5b77de3b8cf1fe78210c696ab03a1442e235eea65d84f ARG BASE_CONTAINER=$ROOT_CONTAINER -# hadolint ignore=DL3006 FROM $BASE_CONTAINER LABEL maintainer="Jupyter Project " @@ -22,7 +21,6 @@ USER root # Install all OS dependencies for notebook server that starts but lacks all # features (e.g., download as all possible file formats) ENV DEBIAN_FRONTEND noninteractive -# hadolint ignore=DL3008 RUN apt-get update \ && apt-get install -yq --no-install-recommends \ wget \ diff --git a/datascience-notebook/Dockerfile b/datascience-notebook/Dockerfile index 5c4ce909..82803f57 100644 --- a/datascience-notebook/Dockerfile +++ b/datascience-notebook/Dockerfile @@ -1,7 +1,6 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. ARG BASE_CONTAINER=jupyter/scipy-notebook -# hadolint ignore=DL3006 FROM $BASE_CONTAINER LABEL maintainer="Jupyter Project " @@ -16,7 +15,6 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] USER root # R pre-requisites -# hadolint ignore=DL3008 RUN apt-get update && \ apt-get install -y --no-install-recommends \ fonts-dejavu \ diff --git a/docs/contributing/lint.md b/docs/contributing/lint.md index 65f06de3..7ce07bdd 100644 --- a/docs/contributing/lint.md +++ b/docs/contributing/lint.md @@ -1,6 +1,6 @@ # Image Lint -To comply with [Docker best practices][LK2], we are using the [Hadolint][LK1] tool to analyse each `Dockerfile` . +To comply with [Docker best practices][dbp], we are using the [Hadolint][hadolint] tool to analyse each `Dockerfile` . ## Installation @@ -51,18 +51,28 @@ $ make lint-all ## Ignoring Rules -Sometimes it is necessary to ignore [some rules][LK3]. The preferred way to do it is to flag ignored rules in the `Dockerfile`. +Sometimes it is necessary to ignore [some rules][rules]. +The following rules are ignored by default and sor for all images in the `.hadolint.yaml` file. + +- [`DL3006`][DL3006]: We use a specific policy to manage image tags. + - `base-notebook` `FROM` clause is fixed but based on an argument (`ARG`). + - Building downstream images from (`FROM`) the latest is done on purpose. +- [`DL3008`][DL3008]: System packages are always updated (`apt-get`) to the latest version. + +For other rules, the preferred way to do it is to flag ignored rules in the `Dockerfile`. > It is also possible to ignore rules by using a special comment directly above the Dockerfile instruction you want to make an exception for. Ignore rule comments look like `# hadolint ignore=DL3001,SC1081`. For example: ```dockerfile -# hadolint ignore=DL3006 + FROM ubuntu # hadolint ignore=DL3003,SC1035 RUN cd /tmp && echo "hello!" ``` -[LK1]: https://github.com/hadolint/hadolint -[LK2]: https://docs.docker.com/develop/develop-images/dockerfile_best-practices -[LK3]: https://github.com/hadolint/hadolint#rules +[hadolint]: https://github.com/hadolint/hadolint +[dbp]: https://docs.docker.com/develop/develop-images/dockerfile_best-practices +[rules]: https://github.com/hadolint/hadolint#rules +[DL3006]: https://github.com/hadolint/hadolint/wiki/DL3006 +[DL3008]: https://github.com/hadolint/hadolint/wiki/DL3008 \ No newline at end of file diff --git a/minimal-notebook/Dockerfile b/minimal-notebook/Dockerfile index 3cf6c3df..fe845c43 100644 --- a/minimal-notebook/Dockerfile +++ b/minimal-notebook/Dockerfile @@ -1,7 +1,6 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. ARG BASE_CONTAINER=jupyter/base-notebook -# hadolint ignore=DL3006 FROM $BASE_CONTAINER LABEL maintainer="Jupyter Project " @@ -9,7 +8,6 @@ LABEL maintainer="Jupyter Project " USER root # Install all OS dependencies for fully functional notebook server -# hadolint ignore=DL3008 RUN apt-get update && apt-get install -yq --no-install-recommends \ build-essential \ emacs-nox \ diff --git a/pyspark-notebook/Dockerfile b/pyspark-notebook/Dockerfile index dcb766b3..83f0b161 100644 --- a/pyspark-notebook/Dockerfile +++ b/pyspark-notebook/Dockerfile @@ -1,7 +1,6 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. ARG BASE_CONTAINER=jupyter/scipy-notebook -# hadolint ignore=DL3006 FROM $BASE_CONTAINER LABEL maintainer="Jupyter Project " @@ -14,7 +13,7 @@ USER root # Spark dependencies ENV APACHE_SPARK_VERSION=2.4.5 \ HADOOP_VERSION=2.7 -# hadolint ignore=DL3008 + RUN apt-get -y update && \ apt-get install --no-install-recommends -y openjdk-8-jre-headless ca-certificates-java && \ rm -rf /var/lib/apt/lists/* diff --git a/r-notebook/Dockerfile b/r-notebook/Dockerfile index f2b54956..3be64c85 100644 --- a/r-notebook/Dockerfile +++ b/r-notebook/Dockerfile @@ -1,7 +1,6 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. ARG BASE_CONTAINER=jupyter/minimal-notebook -# hadolint ignore=DL3006 FROM $BASE_CONTAINER LABEL maintainer="Jupyter Project " @@ -9,7 +8,6 @@ LABEL maintainer="Jupyter Project " USER root # R pre-requisites -# hadolint ignore=DL3008 RUN apt-get update && \ apt-get install -y --no-install-recommends \ fonts-dejavu \ diff --git a/scipy-notebook/Dockerfile b/scipy-notebook/Dockerfile index 64bb7626..b498e534 100644 --- a/scipy-notebook/Dockerfile +++ b/scipy-notebook/Dockerfile @@ -1,7 +1,6 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. ARG BASE_CONTAINER=jupyter/minimal-notebook -# hadolint ignore=DL3006 FROM $BASE_CONTAINER LABEL maintainer="Jupyter Project " @@ -9,7 +8,6 @@ LABEL maintainer="Jupyter Project " USER root # ffmpeg for matplotlib anim & dvipng for latex labels -# hadolint ignore=DL3008 RUN apt-get update && \ apt-get install -y --no-install-recommends ffmpeg dvipng && \ rm -rf /var/lib/apt/lists/* diff --git a/tensorflow-notebook/Dockerfile b/tensorflow-notebook/Dockerfile index 0d2a2fa0..4533fbc6 100644 --- a/tensorflow-notebook/Dockerfile +++ b/tensorflow-notebook/Dockerfile @@ -1,7 +1,6 @@ # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. ARG BASE_CONTAINER=jupyter/scipy-notebook -# hadolint ignore=DL3006 FROM $BASE_CONTAINER LABEL maintainer="Jupyter Project "